Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/pag0GeCqVdLHCY4pszdWGn3sAsk.roa
File:                     pag0GeCqVdLHCY4pszdWGn3sAsk.roa (raw, json)
Hash identifier:          KJJPqmVftQhIyPWzQy0VkGWSKaqxiPtfToEUS35Qrpc=
Subject key identifier:   A5:A8:34:19:E0:AA:55:D2:C7:09:8E:29:B3:37:56:1A:7D:EC:02:C9
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       018EB4C466EF3D0F834D4D995D81E877C3EC
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/pag0GeCqVdLHCY4pszdWGn3sAsk.roa
Signing time:             Sat 06 Apr 2024 18:55:54 +0000
ROA not before:           Sat 06 Apr 2024 18:55:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        123.253.212.0/23 maxlen: 23
                          141.98.137.0/24 maxlen: 24
                          141.98.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:b4:c4:66:ef:3d:0f:83:4d:4d:99:5d:81:e8:77:c3:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Apr  6 18:55:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5a83419e0aa55d2c7098e29b337561a7dec02c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d0:21:b0:2b:74:ef:f6:97:74:a6:16:4f:b3:
                    75:e4:06:f6:d7:35:a3:5e:8b:91:64:3a:48:70:50:
                    7f:0e:43:39:e7:fa:ac:3a:a3:7b:ba:f8:9f:5d:d5:
                    cc:5a:c3:e8:1a:6a:9c:cd:da:1d:49:8f:a0:1a:13:
                    3f:31:a6:88:55:e7:9e:d7:3e:f6:a5:91:d2:48:d6:
                    ac:ad:0a:cf:41:49:fd:c1:bb:06:02:28:ea:e5:b8:
                    d5:ee:dd:d5:38:e2:38:c7:8e:ee:87:de:6f:8f:b9:
                    d8:2c:a7:6e:10:a1:d5:6a:d1:d3:08:82:f1:be:51:
                    2a:5d:f5:42:ab:8e:1b:19:32:c0:f3:77:10:4f:10:
                    3a:c0:e7:af:d5:8e:30:d3:00:2f:f8:de:40:6b:51:
                    f7:68:37:6b:51:10:22:3a:25:09:29:f2:d8:a5:7f:
                    91:49:0e:2d:49:68:4c:be:06:51:c7:d3:b6:bf:46:
                    c2:f9:3c:a1:9b:5e:6f:76:b3:e6:08:2a:21:2e:42:
                    b6:6d:cf:18:63:7a:25:6c:a3:82:e3:37:35:c8:54:
                    cf:de:5b:e8:de:91:c1:ac:b2:d3:44:01:9f:60:40:
                    50:12:2e:fc:59:9d:5d:27:36:63:3e:34:e6:49:2b:
                    1c:61:25:af:f9:db:31:bd:af:ab:c9:2f:47:3e:f0:
                    5e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:A8:34:19:E0:AA:55:D2:C7:09:8E:29:B3:37:56:1A:7D:EC:02:C9
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/pag0GeCqVdLHCY4pszdWGn3sAsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.253.212.0/23
                  141.98.137.0/24
                  141.98.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:eb:9e:53:b4:13:18:aa:1a:1d:c8:95:3f:5e:97:69:fe:14:
         b7:d9:05:f2:39:8b:1c:bd:10:55:57:93:83:ad:bd:e7:df:20:
         70:29:62:e2:6e:23:20:25:ef:37:50:06:d4:8f:d8:48:27:ce:
         bc:f5:72:89:90:24:cd:4c:ec:33:a7:51:a2:97:ce:bc:26:73:
         ae:9f:82:6d:df:90:fb:fc:a3:36:34:68:7a:02:11:f4:3f:54:
         54:03:91:03:41:46:9b:3f:95:78:76:17:7b:7f:e9:ae:b9:37:
         9b:c1:86:16:ea:a3:4e:81:fc:79:da:c4:24:e3:c4:ed:d5:b0:
         df:ba:27:f1:cc:7d:c6:aa:55:57:fa:ac:75:0a:f1:8e:04:a0:
         1d:c0:74:bf:f2:2f:74:98:28:10:7a:1a:2b:00:45:27:d8:8e:
         0d:12:0c:5c:cc:1d:00:90:ae:53:27:11:65:b0:ca:38:d6:b1:
         64:c5:8f:37:0d:29:85:61:df:ac:99:96:44:c1:f6:45:94:04:
         6d:e9:b2:a6:99:02:cb:e9:ad:20:fb:66:85:9e:39:4f:73:3d:
         32:05:26:f3:26:35:00:a8:35:1a:1b:31:7b:34:c5:4c:90:65:
         75:47:81:f5:25:e4:64:8c:97:72:5c:bc:1f:21:74:91:13:b2:
         5d:97:89:22
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY60xGbvPQ+DTU2ZXYHod8PsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjQwNDA2MTg1NTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWE4MzQxOWUwYWE1NWQyYzcwOThlMjliMzM3NTYxYTdkZWMwMmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdAhsCt07/aXdKYWT7N15Ab21zWj
XouRZDpIcFB/DkM55/qsOqN7uvifXdXMWsPoGmqczdodSY+gGhM/MaaIVeee1z72
pZHSSNasrQrPQUn9wbsGAijq5bjV7t3VOOI4x47uh95vj7nYLKduEKHVatHTCILx
vlEqXfVCq44bGTLA83cQTxA6wOev1Y4w0wAv+N5Aa1H3aDdrURAiOiUJKfLYpX+R
SQ4tSWhMvgZRx9O2v0bC+Tyhm15vdrPmCCohLkK2bc8YY3olbKOC4zc1yFTP3lvo
3pHBrLLTRAGfYEBQEi78WZ1dJzZjPjTmSSscYSWv+dsxva+ryS9HPvBeDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKWoNBngqlXSxwmOKbM3Vhp97ALJMB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvcGFnMEdlQ3FWZExIQ1k0cHN6ZFdHbjNzQXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBe/3UAwQA
jWKJAwQAjWKLMA0GCSqGSIb3DQEBCwUAA4IBAQAN655TtBMYqhodyJU/Xpdp/hS3
2QXyOYscvRBVV5ODrb3n3yBwKWLibiMgJe83UAbUj9hIJ8689XKJkCTNTOwzp1Gi
l868JnOun4Jt35D7/KM2NGh6AhH0P1RUA5EDQUabP5V4dhd7f+muuTebwYYW6qNO
gfx52sQk48Tt1bDfuifxzH3GqlVX+qx1CvGOBKAdwHS/8i90mCgQehorAEUn2I4N
EgxczB0AkK5TJxFlsMo41rFkxY83DSmFYd+smZZEwfZFlARt6bKmmQLL6a0g+2aF
njlPcz0yBSbzJjUAqDUaGzF7NMVMkGV1R4H1JeRkjJdyXLwfIXSRE7Jdl4ki
-----END CERTIFICATE-----